Web historians at the Internet Archive are the target of a hacktivist cyberattack

The Internet Archive, the non-profit digital library and operator of the popular Wayback Machine, which has a collection of billions of recordings of past web pages, is under a sustained cyberattack in the form of a significant distributed denial. A DDoS (DDoS) attack occurred on its website infrastructure and a major breach that may have resulted in the data of 31 million users being stolen.

Visitors to the organization’s website were greeted by a JavaScript pop-up created by the attackers on the afternoon and evening of Wednesday, October 9th. In their message, the hackers behind the attack said: “Have you ever felt like the Internet Archive is running on sticks, constantly on the verge of suffering a catastrophic security breach?” It just happened. See 31 million of you on HIBP! [HaveIBeenPwned]”

Accordingly Beeping computerTroy Hunt, owner of HaveIBeenPwned, has confirmed that the attackers gave him a 6.4GB database that is currently being added to the HaveIBeenPwned service.

At 2am BST on Thursday October 10, Internet Archive founder Brewster Kahle said the DDoS attack had been “repelled for now” and revealed that the organization’s website had been defaced. He also confirmed that there had been a breach involving usernames, email addresses, and salted and hashed passwords.

However, at the time of writing, the US-based organization’s website remained inaccessible over a public internet connection, and at around 12pm BST, Kahle said: “Sorry, but the DDoS people are back and have archive.org and openlibrary.org taken offline.”

“@InternetArchives is cautious and prioritizes data security at the expense of service availability,” he said via his X account. “We will share more as we know.”

Meanwhile, the group responsible for the attack has identified itself as SN_BlackMeta, a hacktivist operation that supports pro-Palestinian causes.

In statements posted on X, the collective said: “The Internet Archive has and is [sic] suffers from a devastating attack. We launched several highly successful attacks over five hours, and to date all of their systems are completely down.”

Responding to questions online, they said: “You are being attacked because the archive belongs to the USA and as we all know, this terrible and hypocritical government supports the genocide being committed by the terrorist state of Israel.”

This is disinformation. Although the Internet Archive is based in the United States, it is a nonprofit organization and has no connection to the U.S. government, regardless of Washington’s stance on the wars in Gaza and Lebanon.

“Hacking the past is usually technically impossible, but this data breach is the closest thing to it,” said Jake Moore, global cyber security advisor at ESET. “The stolen data set contains personal information, but at least the stolen passwords are encrypted. However, it’s a good reminder to make sure all your passwords are unique, as even encrypted passwords can be cross-referenced to previous uses of them.

“HaveIBeenPwned is a fantastic free service to use after a breach. It securely contains millions of hacked usernames and passwords, allowing users to securely compare their credentials against the database to verify if they have ever been involved in a breach. If you come across your data in known breaches, it would be a good idea to change those passwords and implement multi-factor authentication.”